mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-25 15:10:48 +01:00
Code Issues Projects Releases Wiki Activity

prop224: Support INTRODUCE2 cell replay cache

Browse source 
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2017-04-06 14:37:24 -04:00 committed by Nick Mathewson
parent 100386e659
commit 27dd1a716c
3 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/or/hs_cell.c
View file

@ -9,6 +9,7 @@
#include "or.h" #include "or.h"
#include "config.h" #include "config.h"
#include "rendservice.h" #include "rendservice.h"
#include "replaycache.h"
#include "hs_cell.h" #include "hs_cell.h"
#include "hs_ntor.h" #include "hs_ntor.h"
@ -460,6 +461,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
const hs_service_t *service) const hs_service_t *service)
{ {
int ret = -1; int ret = -1;
time_t elapsed;
uint8_t *decrypted = NULL; uint8_t *decrypted = NULL;
size_t encrypted_section_len; size_t encrypted_section_len;
const uint8_t *encrypted_section; const uint8_t *encrypted_section;
@ -477,8 +479,6 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
goto done; goto done;
} }
/* XXX: Add/Test replaycache. */
log_info(LD_REND, "Received a decodable INTRODUCE2 cell on circuit %u " log_info(LD_REND, "Received a decodable INTRODUCE2 cell on circuit %u "
"for service %s. Decoding encrypted section...", "for service %s. Decoding encrypted section...",
TO_CIRCUIT(circ)->n_circ_id, TO_CIRCUIT(circ)->n_circ_id,
@ -498,6 +498,15 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
goto done; goto done;
} }
/* Check our replay cache for this introduction point. */
if (replaycache_add_test_and_elapsed(data->replay_cache, encrypted_section,
encrypted_section_len, &elapsed)) {
log_warn(LD_REND, "Possible replay detected! An INTRODUCE2 cell with the"
"same ENCRYPTED section was seen %ld seconds ago. "
"Dropping cell.", elapsed);
goto done;
}
/* Build the key material out of the key material found in the cell. */ /* Build the key material out of the key material found in the cell. */
intro_keys = get_introduce2_key_material(data->auth_pk, data->enc_kp, intro_keys = get_introduce2_key_material(data->auth_pk, data->enc_kp,
data->subcredential, data->subcredential,

2
src/or/hs_cell.h
View file

@ -47,6 +47,8 @@ typedef struct hs_cell_introduce2_data_t {
curve25519_public_key_t client_pk; curve25519_public_key_t client_pk;
/* Link specifiers of the rendezvous point. Contains link_specifier_t. */ /* Link specifiers of the rendezvous point. Contains link_specifier_t. */
smartlist_t *link_specifiers; smartlist_t *link_specifiers;
/* Replay cache of the introduction point. */
replaycache_t *replay_cache;
} hs_cell_introduce2_data_t; } hs_cell_introduce2_data_t;
/* Build cell API. */ /* Build cell API. */

1
src/or/hs_circuit.c
View file

@ -811,6 +811,7 @@ hs_circ_handle_introduce2(const hs_service_t *service,
data.payload_len = payload_len; data.payload_len = payload_len;
data.link_specifiers = smartlist_new(); data.link_specifiers = smartlist_new();
data.is_legacy = ip->base.is_only_legacy; data.is_legacy = ip->base.is_only_legacy;
data.replay_cache = ip->replay_cache;
if (hs_cell_parse_introduce2(&data, circ, service) < 0) { if (hs_cell_parse_introduce2(&data, circ, service) < 0) {
goto done; goto done;